

Pen Testing the Web with Firefox: Google

Michael “theprez98” Schearer

Google hacking
- Complex search engine queries to filter through large amounts of search results for information
- Combination of advanced operators and specific search terms
- Possibly locate private, sensitive information about others, such as credit card numbers, site vulnerabilities, usernames and passwords

General search basics
- Every word matters
- Searches are case-insensitive
- Punctuation is generally ignored
- Think how the page you are looking for will be written
- Describe what you need in as few terms as possible
- Choose descriptive words

Special search characters
- ( “this text” ) Phrase search; proper names
- ( + ) Force inclusion of certain words
- ( - ) Find results without certain words
- ( ~ ) Find synonyms
- ( | ) Boolean ‘OR’
- ( .. ) Find results in a specific number range
- ( * ) Fill in the blanks (whole word wildcard)

Google advanced operators
- Query words that have special meaning to
- These operators modify the search in some way, or tell Google to do a totally different type of search
- Not all of Google’s advanced operators are documented

inanchor, allinanchor
- Restricts the results to pages containing the query terms you specify in the anchor text or links to the page
- Restricts results to pages containing all query terms you specify in the anchor text on links to the page

intext, allintext
- Restricts results to documents containing the search term in the text
- Restricts results to those containing all the query terms you specify in the text of the

intitle, allintitle
- Restricts results to documents containing the search term in the title
- Restricts results to those with all of the query words in the title

inurl, allinurl
- Restricts results to documents containing that word in the url
- Restricts results to those with all of the query words in the url

- Restrict your Google Groups results to include newsgroup articles by the author you specify
- can be a full or partial name or email

- Display Google’s cached version of a web page instead of the current version of the page
- Google will highlight terms in your query that appear after the cache: search
[Screenshots: images loaded; no images]

- Allows you to customize the way a webpage displays using small bits of
- Thousands of installable scripts are located at
- Google Cache Continue Redux inserts cache links on Google cache pages

- Shows definitions from pages on the web for the term that follows
- Useful for finding definitions of words, phrases, and acronyms

- Restrict the results to pages whose names end in the extension you specify
- ext: is the same as filetype:

- Restrict your Google Groups results to newsgroup articles from certain groups

- Presents information about the corresponding web page
- id: is the same as info:

- Restrict articles in Google Groups to those that contain the terms you specify in the

- Shows pages that point to the specified url
- You cannot combine a link: search with a regular keyword search

- Specific to Google News
- Returns only articles from the location you

- Find movie-related information
- Entering a location will provide showtimes and theater locations

- Shows all public U.S. residence telephone listings (name, address, phone number) for the person you specify

- Lists web pages that are similar to the web page you specify
- Do not include a space between the related: and the web page url

- Restricts results to those websites in a given domain

- Specific to Google News
- Restrict your search to articles from the news source with the ID you specify

- Returns the current weather and forecast when followed by a city, location name, or ZIP code

Advanced Dork
- Gives quick access to Google's Advanced Operators directly from the context menu
- Right click anywhere on the page with no text selected to be provided with the active page's HTML title for use with Google's intitle operator, and the active page's HTML ALT tags for use with Google's allintext operator
- Right click on a link and choose from site: links domain, link: this link, and cache: this link
- Right click the URL bar and choose from site, inurl, link, and cache; inurl works with the highlighted portion of text only
- Selecting an option will open the relevant Google search in a new tab
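
Added example (not part of the original slides and not Advanced Dork's own code): a small query builder that applies the operator rules listed above (ext:/id: aliases, no space after the operator, phrase quoting, link: not combinable with keywords) and produces the search URL an add-on would open in a new tab. The function names and the example.com target are assumptions, used here for reviewing what is indexed for a domain you are responsible for.

```javascript
// Added example. Operator names and rules come from the slides; the function
// names and the example.com target are assumptions made for illustration.
const ALIASES = { ext: "filetype", id: "info" }; // ext: = filetype:, id: = info:
const KNOWN = new Set(["site", "intitle", "allintitle", "inurl", "allinurl",
  "intext", "allintext", "inanchor", "allinanchor", "filetype", "info",
  "link", "related", "cache"]);

// Quote multi-word values so they are searched as a phrase.
function phrase(text) {
  const t = String(text).trim().replace(/"/g, "");
  return /\s/.test(t) ? '"' + t + '"' : t;
}

function term(op, value) {
  const name = ALIASES[op.toLowerCase()] || op.toLowerCase();
  if (!KNOWN.has(name)) throw new Error("unknown operator: " + op);
  const v = phrase(value);
  if (!v) throw new Error(name + ": needs a value");
  return name + ":" + v; // no space between the operator and its value
}

function buildQuery(operators, keywords = []) {
  const terms = operators.map(([op, value]) => term(op, value));
  const words = keywords.map(phrase).filter(Boolean);
  // A link: search cannot be combined with a regular keyword search.
  if (words.length > 0 && terms.some((t) => t.startsWith("link:"))) {
    throw new Error("link: cannot be combined with keywords");
  }
  return [...terms, ...words].join(" ");
}

function searchUrl(query) {
  return "https://www.google.com/search?q=" + encodeURIComponent(query);
}

// Constructed input: review what is indexed for a domain you are responsible for.
const audit = buildQuery(
  [["site", "example.com"], ["ext", "pdf"], ["intext", "internal use only"]]);
console.log(audit);
console.log(searchUrl(audit));
```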

Google Hacking Database
- The Google Hacking Database is a collection of saved searches using Google Advanced Operators that locate private information including usernames, passwords and other sensitive data
- Johnny Long’s GHDB is the most (in)famous, but not the only one

Authors and add-ons
- Nancy Blachman (
- Johnny Long’s Google Hacking Database (
- CP (Advanced Dork)
- Anthony Lieuallen, Aaron Boodman, Johan Sundström (Greasemonkey)
- Jeffery To (Google Cache Continue Redux)
